<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="java.sql.*" %>

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Hotel Modify</title>
</head>
<body>

<%
request.setCharacterEncoding("UTF-8");
String id = request.getParameter("id");
String hotel = request.getParameter("hname");
String city = request.getParameter("city");
String score = request.getParameter("score");

// 加载数据库驱动
/*Class.forName("org.mariadb.jdbc.Driver");
Connection connection = DriverManager.getConnection("jdbc:mariadb://10.220.140.102:3366/studb11","stua","zHZUA65r");
Statement stmt = connection.createStatement();


String sql = "UPDATE hotel SET NAME='"+hotel+"',city='"+city+"',score="+score+";WHERE id="+id;
System.out.println("sql=" + sql);

int r = stmt.executeUpdate(sql);
System.out.println("影响行数为:"+ r);

stmt.close();
connection.close();

*/

// 使用PreparedStatement来避免SQL注入
String sql = "UPDATE hotel SET NAME='"+hotel+"', city='"+city+"' ,score= "+score+" WHERE id=" +id;
System.out.println("sql=" + sql);
int ret = aa.db.DBTools.doSql(sql);

response.sendRedirect("hotel.jsp");
%>
 
</body>
</html>
